Hi Askey,
I followed your directions and here is my log. Thanks again.
ComboFix 09-11-17.01 - Rose Lannan 18/11/2009 16:39.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.2.1033.18.2037.991 [GMT 9:00]
Running from: c:\users\Rose Lannan\Desktop\ComboFix.exe
Command switches used :: c:\users\Rose Lannan\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-18 08:06 . 2009-11-18 08:06 -------- d-----w- c:\users\Rose Lannan\AppData\Local\temp
2009-11-18 08:06 . 2009-11-18 08:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-18 08:06 . 2009-11-18 08:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-18 08:06 . 2009-11-18 08:06 -------- d-----w- c:\users\Craig Leach\AppData\Local\temp
2009-11-17 13:09 . 2009-11-17 13:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-16 09:36 . 2009-11-16 09:36 -------- d-----w- C:\found.005
2009-11-11 06:20 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 06:20 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 05:48 . 2009-11-11 05:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 05:45 . 2009-11-11 05:45 -------- d-----w- c:\windows\Sun
2009-11-10 17:22 . 2009-11-10 17:22 -------- d-----w- C:\found.004
2009-11-10 10:26 . 2009-11-10 10:26 -------- d-----w- C:\found.003
2009-11-04 07:28 . 2009-11-04 07:28 -------- d-----w- c:\program files\Trend Micro
2009-11-04 06:50 . 2009-11-04 06:50 -------- d-----w- C:\found.002
2009-10-31 05:14 . 2009-11-02 11:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 09:57 . 2008-11-05 17:03 4096 d-----w- C:\SDFix
2009-10-21 09:31 . 2009-10-21 09:31 -------- d-----w- c:\program files\CCleaner
2009-10-19 12:03 . 2009-10-31 16:00 -------- d-----w- C:\found.001
2009-10-19 11:03 . 2009-10-19 11:03 -------- d-----w- c:\users\Rose Lannan\AppData\Roaming\Malwarebytes
2009-10-19 11:03 . 2009-09-10 05:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 11:03 . 2009-10-19 11:03 -------- d-----w- c:\programdata\Malwarebytes
2009-10-19 11:03 . 2009-09-10 05:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 11:03 . 2009-11-16 09:45 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 08:07 . 2009-01-26 02:32 4096 d-----w- c:\users\Rose Lannan\AppData\Roaming\Skype
2009-11-18 07:00 . 2009-01-26 02:41 12288 d-----w- c:\users\Rose Lannan\AppData\Roaming\skypePM
2009-11-17 13:14 . 2008-12-05 02:36 8192 d-----w- c:\users\Rose Lannan\AppData\Roaming\uTorrent
2009-11-11 05:48 . 2008-10-20 12:01 4096 d-----w- c:\program files\Java
2009-10-12 11:50 . 2008-12-20 22:53 680 ----a-w- c:\users\Rose Lannan\AppData\Local\d3d9caps.dat
2009-10-11 13:47 . 2008-12-05 00:32 4096 d-----w- c:\program files\McAfee
2009-09-16 01:22 . 2008-12-05 00:33 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 01:22 . 2008-12-05 00:33 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 01:22 . 2008-12-05 00:33 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 01:22 . 2008-06-27 11:08 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 01:22 . 2008-12-05 00:27 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:44 . 2009-10-15 04:15 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:30 . 2009-10-15 07:43 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:33 . 2009-09-10 02:33 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb83CA.tmp.exe
2009-09-04 12:24 . 2009-10-15 07:36 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-27 05:22 . 2009-10-15 08:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 08:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-15 08:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-15 08:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-20 12:05 . 2008-10-20 12:05 76 --sh--r- c:\windows\CT4CET.bin
2008-10-20 14:32 . 2008-10-20 14:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-11-17_12.41.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-17 13:18 48962 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-11-18 07:25 73704 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-11-16 12:43 73704 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-18 06:42 . 2009-11-18 06:42 10732 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\74A956292B9D7ED29866593C7E501FA45B187192\74A956292B9D7ED29866593C7E501FA45B187192\Data.dat
+ 2008-12-05 00:02 . 2009-11-18 08:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-05 00:02 . 2009-11-17 12:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-05 00:02 . 2009-11-18 08:07 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-05 00:02 . 2009-11-17 12:19 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-05 00:02 . 2009-11-17 12:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-05 00:02 . 2009-11-18 08:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-06 11:26 . 2009-11-17 13:15 4074 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-06 11:26 . 2009-09-09 18:12 4074 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-21 18:48 . 2009-10-27 01:18 1708 c:\windows\System32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2009-02-21 18:48 . 2009-11-17 13:07 1708 c:\windows\System32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2008-12-05 00:06 . 2009-11-18 07:25 9978 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-470273076-1630879868-547343291-1000_UserData.bin
+ 2009-11-18 06:43 . 2009-11-18 06:43 5836 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F452D1CDFB082A7EC8E33C7927864A685456F253\F452D1CDFB082A7EC8E33C7927864A685456F253\Data.dat
- 2009-11-17 11:59 . 2009-11-17 11:59 5836 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F452D1CDFB082A7EC8E33C7927864A685456F253\F452D1CDFB082A7EC8E33C7927864A685456F253\Data.dat
+ 2009-11-18 06:42 . 2009-11-18 06:42 5656 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\865009ECA16B821B0B6A444E483F230830F2DCB5\2BEDCFFACDFBF4B4404889787B61FE7EFBCF0C5D\Data.dat
- 2009-11-12 18:23 . 2009-11-16 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-17 13:16 . 2009-11-18 07:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-12 18:23 . 2009-11-16 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-17 13:16 . 2009-11-18 07:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-05 02:30 . 2009-11-18 06:41 264000 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-08-10 16:14 . 2009-11-17 06:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-08-10 16:14 . 2009-11-18 07:23 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 68856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-07-24 993520]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-20 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-23 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-20 12:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [20/10/2008 3:48 PM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [03/05/2008 4:09 AM 161048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/12/2008 9:34 AM 210216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [20/10/2008 11:43 PM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [20/10/2008 11:43 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [20/10/2008 11:43 PM 7424]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-08 03:22]
2009-10-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-08 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbc.ca/news
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 17:06
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4420)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-11-18 17:15
ComboFix-quarantined-files.txt 2009-11-18 08:15
ComboFix2.txt 2009-11-17 12:47
Pre-Run: 143,608,221,696 bytes free
Post-Run: 143,562,915,840 bytes free
- - End Of File - - C5AFDA5572188B9150E06DFCCF00AF53